| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When rebuilding the host (through `nixos-rebuild switch --flake`) I
don't want to rebuild also my home-manager configuration. I want these
to be two different steps.
I rebuild the home-manager configuration more frequently and it's a
waste of time and CPU to rebuild the world every time.
This is a pretty large refactoring:
- move checks back into the flake: if I modify a check, the
configuration for `pre-commits` is not regenerated, as the file with the
checks is not monitored with `direnv` (I could probably configure it for
it, but not now)
- remove `home.nix` from the host level configuration
- introduce a `mkHomeManagerConfiguration` function to manage the
different user@host
- fix a warning with the rust overlay
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configuration needs to be updated, we set the value for
`bucket_policy_only` to true now that we've set the bucket to use
uniform bucket level
access (https://cloud.google.com/storage/docs/uniform-bucket-level-access).
Change-Id: I7e9516709af4be35a3964937c1dbd728bcfe1f01
Reviewed-on: https://cl.fcuny.net/c/world/+/709
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I17ea0baab0d74888ed1b21342c583495d3f52643
Reviewed-on: https://cl.fcuny.net/c/world/+/705
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the secure configuration for gerrit is not managed by nix.
This is likely going to break in the future and I'll hate myself for
that. Let's move it into nix and encrypt it with age, like we do for
other secrets.
Change-Id: Ia7a006748a3ad64fa4b97ca9e8cbd98c99433982
Reviewed-on: https://cl.fcuny.net/c/world/+/622
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I don't need to backup these directories in my home.
Change-Id: Ia2302f2ebe74033090b86b52864787d2a63ecb4b
Reviewed-on: https://cl.fcuny.net/c/world/+/620
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The pre-commit hook for new lines reported and correct a number of
issues, so let's commit them now and after that we ca enable the hook
for the repository.
Change-Id: I5bb882d3c2cca870ef94301303f029acfb308740
Reviewed-on: https://cl.fcuny.net/c/world/+/592
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
| |
Change-Id: I75df9d3ba133e3f7380a518e1b8c70a564f60482
Reviewed-on: https://cl.fcuny.net/c/world/+/481
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm considering trying again fish, and there are a number of things that
should be common between zsh and fish (aliases, environment variables,
...).
Instead of duplicating these settings multiple time, I'm consolidating
the shell configurations under `home/shell`, and I can set the shell I
want to use with `my.home.shell.name`.
The first step is to move the modules for fish and zsh under
`home/shell`, add an interface to pick which one I want to use, and
modify the `host/home.nix` configuration to keep using zsh with the new
interface.
Change-Id: Idb66b1a6fcc11a6eeaf5fd2d32dd3698d2d85bdf
Reviewed-on: https://cl.fcuny.net/c/world/+/455
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I do not use drone anymore, no need to keep this around.
Change-Id: I8f9564747939a6d1a2b95bcfe8e2c70e46d8bc1e
Reviewed-on: https://cl.fcuny.net/c/world/+/411
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
This was done by running `nixpkgs-fmt .'.
Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
Reviewed-on: https://cl.fcuny.net/c/world/+/404
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
We need to ensure the agents can read the secrets / tokens to vote after
a build.
Change-Id: I066c2482a795b21badaa9cc3c525373d7945b084
Reviewed-on: https://cl.fcuny.net/c/world/+/341
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I9abd49136df79a9ed040c9ec0e12eea30736c9ff
Reviewed-on: https://cl.fcuny.net/c/world/+/295
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: Iae8860631a9d313d5b4f78d171d0dfebc6ef6ff9
Reviewed-on: https://cl.fcuny.net/c/world/+/283
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
There's one user per agent. If we don't set an owner for that file, it
will be owned by root. Let's set the ownership to the first builder.
Change-Id: I1270e6858c0bf2797bd12c2557d84a494cef5081
Reviewed-on: https://cl.fcuny.net/c/world/+/281
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I'm not using drone anymore. I don't need the CLI and the secret to be
installed.
Change-Id: I9c8ecfe5f051fd70d78f0e2e9aaa705e48627714
Reviewed-on: https://cl.fcuny.net/c/world/+/261
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The secret is the configuration for the gerrit-hook tool. It contains
the URL to our gerrit instance, the username/password for the gerrit
user used by the tool, the API token for buildKite and the name of the
organization in buildKite.
Change-Id: I58233e085c92d4c5db5635eb9942a5e87ee9e55d
Reviewed-on: https://cl.fcuny.net/c/world/+/204
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I12cc741bdfb074f7d2a006547860362176afe372
Reviewed-on: https://cl.fcuny.net/c/world/+/169
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I652a3326caf8f949e9734849d1492f7b9764a766
Reviewed-on: https://cl.fcuny.net/c/world/+/167
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
|
|
|
| |
I will not be using drone anymore, and will likely replace it with
buildkite.
Change-Id: I45d91c43090aaba119855158e071dae377c1897f
Reviewed-on: https://cl.fcuny.net/c/world/+/162
Reviewed-by: Franck Cuny <franck@fcuny.net>
|
|
|
|
|
|
| |
Change-Id: I3b00408d7550d7660fb33940ae2cd0806076f4d2
Reviewed-on: https://cl.fcuny.net/c/world/+/62
Reviewed-by: Franck Cuny <franck.cuny@gmail.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`zsh' is available everywhere and is compatible with bash. When using
`fish' I need to remember how to do things. While the completion style
is nicer, I don't care about the rest. I prefer to have a consistent
experience in the shell, no matter where am I.
This is an initial configuration, I might need to make a few changes as
I go.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the laptop I only backup /home/fcuny, as the rest should be
straightforward to rebuild with nix.
I run that backup as my own user, since I need my ssh key to use the
remote repository (which is on the NAS). I also need a new secret for
it (I might have been able to use `pass' for this, but well, that's easy
enough).
For the NAS, I update the list of directories to backup to include home,
this will be on the systems backup.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This will ultimately replace traefik.
|
|
|
|
|
|
| |
Having the secrets closer to the host is easier to manage. At the moment
I don't have secrets that are shared across multiple hosts, so that's an
OK approach.
|
| |
|
|
|
|
|
| |
Refactor a bit the configuration, which should simplify the management
and usage of secrets from now on.
|
|
|
|
| |
Do a single backup for the host, instead of running multiple ones.
|
|
|
|
| |
So we can unlock the disks remotely.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
All the modules that are needed for home-manager should be under
`home/`, and each host will have a `host.nix` where the modules are
enabled as needed. Later on we can create some profiles to make it
easier to consume the configuration.
I apply this only to tahoe for now, as the amount of packages needed for
my user are pretty limited.
|
| |
|
|
|
|
|
|
|
|
|
| |
We don't need the previous `hosts/common/system` configs anymore, as
everything has been moved out.
We keep some boot configuration for carmel in the host configuration for
now, but I need to check why I don't have similar settings for
tahoe (since I also need to unlock the host remotely).
|
| |
|
| |
|
|
|
|
| |
Move the networking configuration for the hosts to its own file.
|
|
|
|
| |
This reverts commit 814a495e9c74e3211c6b6640397111115832207b.
|
|
|
|
| |
Apply the role to tahoe.
|
|
|
|
| |
Profiles contain a collection of modules.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Ensure at least /data/media/music is created with the proper ownership.
|
| |
|
|
|